diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/openssh-6.8p1/HPN-README work/openssh-6.8p1/HPN-README
--- work.clean/openssh-6.8p1/HPN-README	1969-12-31 18:00:00.000000000 -0600
+++ work/openssh-6.8p1/HPN-README	2015-04-01 22:16:49.869215000 -0500
@@ -0,0 +1,129 @@
+Notes:
+
+MULTI-THREADED CIPHER:
+The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
+on hosts with multiple cores to use more than one processing core during encryption. 
+Tests have show significant throughput performance increases when using MTR-AES-CTR up 
+to and including a full gigabit per second on quad core systems. It should be possible to 
+achieve full line rate on dual core systems but OS and data management overhead makes this
+more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single 
+thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal 
+performance requires the MTR-AES-CTR mode be enabled on both ends of the connection. 
+The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
+nomenclature. 
+Use examples: 	ssh -caes128-ctr you@host.com
+		scp -oCipher=aes256-ctr file you@host.com:~/file
+
+NONE CIPHER:
+To use the NONE option you must have the NoneEnabled switch set on the server and
+you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
+feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not 
+spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
+be disabled. 
+
+The performance increase will only be as good as the network and TCP stack tuning
+on the reciever side of the connection allows. As a rule of thumb a user will need 
+at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
+HPN-SSH home page describes this in greater detail. 
+
+http://www.psc.edu/networking/projects/hpn-ssh
+
+BUFFER SIZES:
+
+If HPN is disabled the receive buffer size will be set to the 
+OpenSSH default of 64K.
+
+If an HPN system connects to a nonHPN system the receive buffer will
+be set to the HPNBufferSize value. The default is 2MB but user adjustable.
+
+If an HPN to HPN connection is established a number of different things might
+happen based on the user options and conditions. 
+
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set 
+HPN Buffer Size = up to 64MB 
+This is the default state. The HPN buffer size will grow to a maximum of 64MB 
+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is 
+geared towards 10GigE transcontinental connections. 
+
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
+HPN Buffer Size = TCP receive buffer value. 
+Users on non-autotuning systesm should disable TCPRcvBufPoll in the 
+ssh_cofig and sshd_config
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
+HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize. 
+This would be the system defined TCP receive buffer (RWIN).
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize. 
+Generally there is no need to set both.
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
+HPN Buffer Size = grows to HPNBufferSize
+The buffer will grow up to the maximum size specified here. 
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize. 
+Generally there is no need to set both of these, especially on autotuning 
+systems. However, if the users wishes to override the autotuning this would be 
+one way to do it.
+
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
+HPN Buffer Size = TCPRcvBuf. 
+This will override autotuning and set the TCP recieve buffer to the user defined 
+value.
+
+
+HPN Specific Configuration options
+
+TcpRcvBuf=[int]KB client
+      set the TCP socket receive buffer to n Kilobytes. It can be set up to the 
+maximum socket size allowed by the system. This is useful in situations where 
+the tcp receive window is set low but the maximum buffer size is set 
+higher (as is typical). This works on a per TCP connection basis. You can also 
+use this to artifically limit the transfer rate of the connection. In these 
+cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB. 
+Default is the current system wide tcp receive buffer size.
+
+TcpRcvBufPoll=[yes/no] client/server
+      enable of disable the polling of the tcp receive buffer through the life 
+of the connection. You would want to make sure that this option is enabled 
+for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista) 
+default is yes.
+
+NoneEnabled=[yes/no] client/server
+      enable or disable the use of the None cipher. Care must always be used 
+when enabling this as it will allow users to send data in the clear. However, 
+it is important to note that authentication information remains encrypted 
+even if this option is enabled. Set to no by default.
+
+NoneSwitch=[yes/no] client
+     Switch the encryption cipher being used to the None cipher after
+authentication takes place. NoneEnabled must be enabled on both the client
+and server side of the connection. When the connection switches to the NONE
+cipher a warning is sent to STDERR. The connection attempt will fail with an
+error if a client requests a NoneSwitch from the server that does not explicitly
+have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
+interactive (shell) sessions and it will fail silently. Set to no by default.
+
+HPNDisabled=[yes/no] client/server
+     In some situations, such as transfers on a local area network, the impact 
+of the HPN code produces a net decrease in performance. In these cases it is 
+helpful to disable the HPN functionality. By default HPNDisabled is set to no. 
+
+HPNBufferSize=[int]KB client/server
+     This is the default buffer size the HPN functionality uses when interacting
+with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
+option as applied to the internal SSH flow control. This value can range from 
+1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
+problems depending on the length of the network path. The default size of this buffer
+is 2MB.
+
+
+Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
+         The majority of the actual coding for versions up to HPN12v1 was performed
+         by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was 
+	 implemented by Ben Bennet (ben@psc.edu) and improved by Mike Tasota 
+	 (tasota@gmail.com) an NSF REU grant recipient for 2013. 
+	 This work was financed, in part, by Cisco System, Inc., the National 
+         Library of Medicine, and the National Science Foundation. 
--- work.clean/openssh-6.8p1/channels.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/channels.c	2015-04-03 15:51:59.599537000 -0500
@@ -183,8 +183,14 @@
 static int connect_next(struct channel_connect *);
 static void channel_connect_ctx_free(struct channel_connect *);
 
+
+#ifdef HPN_ENABLED
+static int hpn_disabled = 0;
+static int hpn_buffer_size = 2 * 1024 * 1024;
+#endif
+
 /* -- channel core */
 
 Channel *
 channel_by_id(int id)
 {
@@ -333,6 +339,9 @@
 	c->local_window_max = window;
 	c->local_consumed = 0;
 	c->local_maxpacket = maxpack;
+#ifdef HPN_ENABLED
+	c->dynamic_window = 0;
+#endif
 	c->remote_id = -1;
 	c->remote_name = xstrdup(remote_name);
 	c->remote_window = 0;
@@ -837,11 +846,41 @@
 		FD_SET(c->sock, writeset);
 }
 
+#ifdef HPN_ENABLED
+static u_int
+channel_tcpwinsz(void)
+{
+	u_int32_t tcpwinsz = 0;
+	socklen_t optsz = sizeof(tcpwinsz);
+	int ret = -1;
+
+	/* if we aren't on a socket return 128KB */
+	if (!packet_connection_is_on_socket())
+		return (128*1024);
+	ret = getsockopt(packet_get_connection_in(),
+	    SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
+	/* return no more than SSHBUF_SIZE_MAX */
+	if (ret == 0 && tcpwinsz > SSHBUF_SIZE_MAX)
+		tcpwinsz = SSHBUF_SIZE_MAX;
+	debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
+	    packet_get_connection_in());
+	return (tcpwinsz);
+}
+#endif
+
 static void
 channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
 {
 	u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
 
+#ifdef HPN_ENABLED
+	/* check buffer limits */
+	if (!c->tcpwinsz || c->dynamic_window > 0)
+		c->tcpwinsz = channel_tcpwinsz();
+
+	limit = MIN(limit, 2 * c->tcpwinsz);
+#endif
+
 	if (c->istate == CHAN_INPUT_OPEN &&
 	    limit > 0 &&
 	    buffer_len(&c->input) < limit &&
@@ -1846,6 +1885,20 @@
 	    c->local_maxpacket*3) ||
 	    c->local_window < c->local_window_max/2) &&
 	    c->local_consumed > 0) {
+#ifdef HPN_ENABLED
+		/* adjust max window size if we are in a dynamic environment */
+		if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
+			u_int addition = 0;
+
+			/*
+			 * grow the window somewhat aggressively to maintain
+			 * pressure
+			 */
+			addition = 1.5*(c->tcpwinsz - c->local_window_max);
+			c->local_window_max += addition;
+			c->local_consumed += addition;
+		}
+#endif
 		packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
 		packet_put_int(c->remote_id);
 		packet_put_int(c->local_consumed);
@@ -2794,6 +2847,17 @@
 	return addr;
 }
 
+#ifdef HPN_ENABLED
+void
+channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
+{
+	hpn_disabled = external_hpn_disabled;
+	hpn_buffer_size = external_hpn_buffer_size;
+	debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled,
+	    hpn_buffer_size);
+}
+#endif
+
 static int
 channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
     int *allocated_listen_port, struct ForwardOptions *fwd_opts)
@@ -2918,9 +2982,20 @@
 		}
 
 		/* Allocate a channel number for the socket. */
+#ifdef HPN_ENABLED
+		/*
+		 * explicitly test for hpn disabled option. if true use smaller
+		 * window size.
+		 */
+		if (!hpn_disabled)
+			c = channel_new("port listener", type, sock, sock, -1,
+			    hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
+			    0, "port listener", 1);
+		else
+#endif
 		c = channel_new("port listener", type, sock, sock, -1,
 		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
 		    0, "port listener", 1);
 		c->path = xstrdup(host);
 		c->host_port = fwd->connect_port;
 		c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
@@ -3952,6 +4027,14 @@
 	*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
 	for (n = 0; n < num_socks; n++) {
 		sock = socks[n];
+#ifdef HPN_ENABLED
+		if (!hpn_disabled)
+			nc = channel_new("x11 listener",
+			    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+			    hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
+			    0, "X11 inet listener", 1);
+		else
+#endif
 		nc = channel_new("x11 listener",
 		    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
 		    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
--- work.clean/openssh-6.8p1/channels.h	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/channels.h	2015-04-03 13:58:44.472717000 -0500
@@ -136,6 +136,10 @@
 	u_int	local_maxpacket;
 	int     extended_usage;
 	int	single_connection;
+#ifdef HPN_ENABLED
+	int	dynamic_window;
+	u_int	tcpwinsz;
+#endif
 
 	char   *ctype;		/* type */
 
@@ -311,4 +315,9 @@
 void	 chan_write_failed(Channel *);
 void	 chan_obuf_empty(Channel *);
 
+#ifdef HPN_ENABLED
+/* hpn handler */
+void     channel_set_hpn(int, int);
+#endif
+
 #endif
--- work.clean/openssh-6.8p1/cipher.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/cipher.c	2015-04-03 16:22:04.972592000 -0500
@@ -244,7 +244,13 @@
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	    (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
-		if (c == NULL || c->number != SSH_CIPHER_SSH2) {
+		if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
+#ifdef NONE_CIPHER_ENABLED
+				  c->number != SSH_CIPHER_NONE
+#else
+				  1
+#endif
+				  )) {
 			free(cipher_list);
 			return 0;
 		}
@@ -545,6 +551,9 @@
 
 	switch (c->number) {
 #ifdef WITH_OPENSSL
+#ifdef NONE_CIPHER_ENABLED
+	case SSH_CIPHER_NONE:
+#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -593,6 +602,9 @@
 
 	switch (c->number) {
 #ifdef WITH_OPENSSL
+#ifdef NONE_CIPHER_ENABLED
+	case SSH_CIPHER_NONE:
+#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
--- work.clean/openssh-6.8p1/clientloop.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/clientloop.c	2015-04-03 17:29:40.618489000 -0500
@@ -1909,6 +1909,15 @@
 	sock = x11_connect_display();
 	if (sock < 0)
 		return NULL;
+#ifdef HPN_ENABLED
+	/* again is this really necessary for X11? */
+	if (!options.hpn_disabled)
+		c = channel_new("x11",
+		    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+		    options.hpn_buffer_size,
+		    CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+	else
+#endif
 	c = channel_new("x11",
 	    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
@@ -1934,6 +1943,14 @@
 			    __func__, ssh_err(r));
 		return NULL;
 	}
+#ifdef HPN_ENABLED
+	if (!options.hpn_disabled)
+		c = channel_new("authentication agent connection",
+		    SSH_CHANNEL_OPEN, sock, sock, -1,
+		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
+		    "authentication agent connection", 1);
+	else
+#endif
 	c = channel_new("authentication agent connection",
 	    SSH_CHANNEL_OPEN, sock, sock, -1,
 	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
@@ -1964,6 +1981,12 @@
 		return -1;
 	}
 
+#ifdef HPN_ENABLED
+	if (!options.hpn_disabled)
+		c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+	else
+#endif
 	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
 	c->datagram = 1;
--- work.clean/openssh-6.8p1/compat.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/compat.c	2015-04-03 16:39:57.665699000 -0500
@@ -177,6 +177,14 @@
 			debug("match: %s pat %s compat 0x%08x",
 			    version, check[i].pat, check[i].bugs);
 			datafellows = check[i].bugs;	/* XXX for now */
+#ifdef HPN_ENABLED
+			/* Check to see if the remote side is OpenSSH and not HPN */
+			if (strstr(version,"OpenSSH") != NULL &&
+			    strstr(version,"hpn") == NULL) {
+				datafellows |= SSH_BUG_LARGEWINDOW;
+				debug("Remote is NON-HPN aware");
+			}
+#endif
 			return check[i].bugs;
 		}
 	}
--- work/openssh/compat.h.orig	2015-05-29 03:27:21.000000000 -0500
+++ work/openssh/compat.h	2015-06-02 09:55:04.208681000 -0500
@@ -62,6 +62,9 @@
 #define SSH_BUG_CURVE25519PAD	0x10000000
 #define SSH_BUG_HOSTKEYS	0x20000000
 #define SSH_BUG_DHGEX_LARGE	0x40000000
+#ifdef HPN_ENABLED
+#define SSH_BUG_LARGEWINDOW     0x80000000
+#endif
 
 void     enable_compat13(void);
 void     enable_compat20(void);
--- work.clean/openssh-6.8p1/configure.ac	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/configure.ac	2015-04-03 16:36:28.916502000 -0500
@@ -4238,6 +4238,25 @@
     ]
 ) # maildir
 
+#check whether user wants HPN support
+HPN_MSG="no"
+AC_ARG_WITH(hpn,
+	[  --with-hpn             Enable HPN support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(HPN_ENABLED,1,[Define if you want HPN support.])
+		HPN_MSG="yes"
+	fi ]
+)
+#check whether user wants NONECIPHER support
+NONECIPHER_MSG="no"
+AC_ARG_WITH(nonecipher,
+	[  --with-nonecipher             Enable NONECIPHER support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(NONE_CIPHER_ENABLED,1,[Define if you want NONECIPHER support.])
+		NONECIPHER_MSG="yes"
+	fi ]
+)
+
 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
 	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
 	disable_ptmx_check=yes
@@ -4905,6 +4924,8 @@
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
 echo "              Random number source: $RAND_MSG"
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
+echo "                       HPN support: $HPN_MSG"
+echo "                NONECIPHER support: $NONECIPHER_MSG"
 
 echo ""
 
--- work.clean/openssh-6.8p1/kex.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/kex.c	2015-04-03 17:06:44.032682000 -0500
@@ -587,6 +587,13 @@
 	int nenc, nmac, ncomp;
 	u_int mode, ctos, need, dh_need, authlen;
 	int r, first_kex_follows;
+#ifdef NONE_CIPHER_ENABLED
+	/* XXX: Could this move into the lower block? */
+	int auth_flag;
+
+	auth_flag = ssh_packet_authentication_state(ssh);
+	debug ("AUTH STATE IS %d", auth_flag);
+#endif
 
 	if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 ||
 	    (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
@@ -635,6 +642,17 @@
 		if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
 		    sprop[ncomp])) != 0)
 			goto out;
+#ifdef NONE_CIPHER_ENABLED
+		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+		if (strcmp(newkeys->enc.name, "none") == 0) {
+			debug("Requesting NONE. Authflag is %d", auth_flag);
+			if (auth_flag == 1) {
+				debug("None requested post authentication.");
+			} else {
+				fatal("Pre-authentication none cipher requests are not allowed.");
+			}
+		}
+#endif
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,
--- work.clean/openssh-6.8p1/myproposal.h	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/myproposal.h	2015-04-03 16:43:33.747402000 -0500
@@ -171,6 +171,10 @@
 #define	KEX_DEFAULT_COMP	"none,zlib@openssh.com,zlib"
 #define	KEX_DEFAULT_LANG	""
 
+#ifdef NONE_CIPHER_ENABLED
+#define KEX_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT ",none"
+#endif
+
 #define KEX_CLIENT \
 	KEX_CLIENT_KEX, \
 	KEX_DEFAULT_PK_ALG, \
--- work.clean/openssh-6.8p1/packet.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/packet.c	2015-04-03 16:10:57.002066000 -0500
@@ -2199,6 +2199,24 @@
 	}
 }
 
+#ifdef NONE_CIPHER_ENABLED
+/* this supports the forced rekeying required for the NONE cipher */
+int rekey_requested = 0;
+void
+packet_request_rekeying(void)
+{
+	rekey_requested = 1;
+}
+
+int
+ssh_packet_authentication_state(struct ssh *ssh)
+{
+	struct session_state *state = ssh->state;
+
+	return(state->after_authentication);
+}
+#endif
+
 #define MAX_PACKETS	(1U<<31)
 int
 ssh_packet_need_rekeying(struct ssh *ssh)
@@ -2207,6 +2225,12 @@
 
 	if (ssh->compat & SSH_BUG_NOREKEY)
 		return 0;
+#ifdef NONE_CIPHER_ENABLED
+        if (rekey_requested == 1) {
+               rekey_requested = 0;
+               return 1;
+        }
+#endif
 	return
 	    (state->p_send.packets > MAX_PACKETS) ||
 	    (state->p_read.packets > MAX_PACKETS) ||
--- work.clean/openssh-6.8p1/packet.h	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/packet.h	2015-04-03 16:10:34.728161000 -0500
@@ -188,6 +188,11 @@
 int	sshpkt_get_end(struct ssh *ssh);
 const u_char	*sshpkt_ptr(struct ssh *, size_t *lenp);
 
+#ifdef NONE_CIPHER_ENABLED
+void  packet_request_rekeying(void);
+int   ssh_packet_authentication_state(struct ssh *ssh);
+#endif
+
 /* OLD API */
 extern struct ssh *active_state;
 #include "opacket.h"
--- work.clean/openssh-6.8p1/readconf.c	2015-04-01 22:07:18.135435000 -0500
+++ work/openssh-6.8p1/readconf.c	2015-04-03 15:10:44.188916000 -0500
@@ -154,6 +154,12 @@
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming,
 	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+#ifdef HPN_ENABLED
+	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
+#endif
+#ifdef NONE_CIPHER_ENABLED
+	oNoneSwitch, oNoneEnabled, 
+#endif
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
@@ -276,6 +282,16 @@
 	{ "fingerprinthash", oFingerprintHash },
 	{ "updatehostkeys", oUpdateHostkeys },
 	{ "hostbasedkeytypes", oHostbasedKeyTypes },
+#ifdef NONE_CIPHER_ENABLED
+	{ "noneenabled", oNoneEnabled },
+	{ "noneswitch", oNoneSwitch },
+#endif
+#ifdef HPN_ENABLED
+	{ "tcprcvbufpoll", oTcpRcvBufPoll },
+	{ "tcprcvbuf", oTcpRcvBuf },
+	{ "hpndisabled", oHPNDisabled },
+	{ "hpnbuffersize", oHPNBufferSize },
+#endif
 	{ "ignoreunknown", oIgnoreUnknown },
 
 	{ NULL, oBadOption }
@@ -917,6 +933,44 @@
 		intptr = &options->check_host_ip;
 		goto parse_flag;
 
+#ifdef HPN_ENABLED
+	case oHPNDisabled:
+		intptr = &options->hpn_disabled;
+		goto parse_flag;
+
+	case oHPNBufferSize:
+		intptr = &options->hpn_buffer_size;
+		goto parse_int;
+
+	case oTcpRcvBufPoll:
+		intptr = &options->tcp_rcv_buf_poll;
+		goto parse_flag;
+
+	case oTcpRcvBuf:
+		intptr = &options->tcp_rcv_buf;
+		goto parse_int;
+#endif
+
+#ifdef NONE_CIPHER_ENABLED
+        case oNoneEnabled:
+               	intptr = &options->none_enabled;
+               	goto parse_flag;
+ 
+       	/* we check to see if the command comes from the */
+       	/* command line or not. If it does then enable it */
+       	/* otherwise fail. NONE should never be a default configuration */
+       	case oNoneSwitch:
+               	if(strcmp(filename,"command-line") == 0) {
+                       	intptr = &options->none_switch;
+                       	goto parse_flag;
+               	} else {
+                       	error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
+                       	error("Continuing...");
+                       	debug("NoneSwitch directive found in %.200s.", filename);
+                       	return 0;
+               	}
+#endif
+
 	case oVerifyHostKeyDNS:
 		intptr = &options->verify_host_key_dns;
 		multistate_ptr = multistate_yesnoask;
@@ -1678,6 +1732,16 @@
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->request_tty = -1;
+#ifdef NONE_CIPHER_ENABLED
+	options->none_switch = -1;
+	options->none_enabled = -1;
+#endif
+#ifdef HPN_ENABLED
+	options->hpn_disabled = -1;
+	options->hpn_buffer_size = -1;
+	options->tcp_rcv_buf_poll = -1;
+	options->tcp_rcv_buf = -1;
+#endif
 	options->proxy_use_fdpass = -1;
 	options->ignored_unknown = NULL;
 	options->num_canonical_domains = 0;
@@ -1838,6 +1902,35 @@
 		options->server_alive_interval = 0;
 	if (options->server_alive_count_max == -1)
 		options->server_alive_count_max = 3;
+#ifdef NONE_CIPHER_ENABLED
+	if (options->none_switch == -1)
+		options->none_switch = 0;
+	if (options->none_enabled == -1)
+		options->none_enabled = 0;
+#endif
+#ifdef HPN_ENABLED
+	if (options->hpn_disabled == -1)
+		options->hpn_disabled = 0;
+	if (options->hpn_buffer_size > -1) {
+		/* if a user tries to set the size to 0 set it to 1KB */
+		if (options->hpn_buffer_size == 0)
+			options->hpn_buffer_size = 1;
+		/* limit the buffer to 64MB */
+		if (options->hpn_buffer_size > 64*1024) {
+			options->hpn_buffer_size = 64*1024*1024;
+			debug("User requested buffer larger than 64MB. Request"
+			    " reverted to 64MB");
+		} else
+			options->hpn_buffer_size *= 1024;
+		debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
+	}
+	if (options->tcp_rcv_buf == 0)
+		options->tcp_rcv_buf = 1;
+	if (options->tcp_rcv_buf > -1)
+		options->tcp_rcv_buf *=1024;
+	if (options->tcp_rcv_buf_poll == -1)
+		options->tcp_rcv_buf_poll = 1;
+#endif
 	if (options->control_master == -1)
 		options->control_master = 0;
 	if (options->control_persist == -1) {
--- work.clean/openssh-6.8p1/readconf.h	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/readconf.h	2015-04-03 13:47:45.670125000 -0500
@@ -105,6 +105,16 @@
 	int	clear_forwardings;
 
 	int	enable_ssh_keysign;
+#ifdef NONE_CIPHER_ENABLED
+	int     none_switch;    /* Use none cipher */
+	int     none_enabled;   /* Allow none to be used */ 
+#endif
+#ifdef HPN_ENABLED
+	int     tcp_rcv_buf; /* user switch to set tcp recv buffer */
+	int     tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
+	int     hpn_disabled;    /* Switch to disable HPN buffer management */
+	int     hpn_buffer_size; /* User definable size for HPN buffer window */
+#endif
 	int64_t rekey_limit;
 	int	rekey_interval;
 	int	no_host_authentication_for_localhost;
--- work.clean/openssh-6.8p1/scp.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/scp.c	2015-04-02 16:51:25.108407000 -0500
@@ -750,7 +750,7 @@
 	off_t i, statbytes;
 	size_t amt, nr;
 	int fd = -1, haderr, indx;
-	char *last, *name, buf[2048], encname[PATH_MAX];
+	char *last, *name, buf[16384], encname[PATH_MAX];
 	int len;
 
 	for (indx = 0; indx < argc; ++indx) {
@@ -919,7 +919,7 @@
 	off_t size, statbytes;
 	unsigned long long ull;
 	int setimes, targisdir, wrerrno = 0;
-	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
+	char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
 	struct timeval tv[2];
 
 #define	atime	tv[0]
--- work/openssh/servconf.c.orig	2015-05-29 03:27:21.000000000 -0500
+++ work/openssh/servconf.c	2015-06-02 09:56:36.041601000 -0500
@@ -163,6 +163,14 @@ initialize_server_options(ServerOptions 
 	options->authorized_principals_file = NULL;
 	options->authorized_principals_command = NULL;
 	options->authorized_principals_command_user = NULL;
+#ifdef NONE_CIPHER_ENABLED
+	options->none_enabled = -1;
+#endif
+#ifdef HPN_ENABLED
+	options->tcp_rcv_buf_poll = -1;
+	options->hpn_disabled = -1;
+	options->hpn_buffer_size = -1;
+#endif
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->version_addendum = NULL;
@@ -329,6 +337,57 @@ fill_default_server_options(ServerOption
 	}
 	if (options->permit_tun == -1)
 		options->permit_tun = SSH_TUNMODE_NO;
+#ifdef NONE_CIPHER_ENABLED
+	if (options->none_enabled == -1) 
+		options->none_enabled = 0;
+#endif
+#ifdef HPN_ENABLED
+	if (options->hpn_disabled == -1) 
+		options->hpn_disabled = 0;
+
+	if (options->hpn_buffer_size == -1) {
+		/*
+		 * option not explicitly set. Now we have to figure out
+		 * what value to use.
+		 */
+		if (options->hpn_disabled == 1) {
+			options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
+		} else {
+			int sock, socksize;
+			socklen_t socksizelen = sizeof(socksize);
+
+			/*
+			 * get the current RCV size and set it to that
+			 * create a socket but don't connect it
+			 * we use that the get the rcv socket size
+			 */
+			sock = socket(AF_INET, SOCK_STREAM, 0);
+			getsockopt(sock, SOL_SOCKET, SO_RCVBUF, 
+			    &socksize, &socksizelen);
+			close(sock);
+			options->hpn_buffer_size = socksize;
+			debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
+		} 
+	} else {
+		/*
+		 * we have to do this incase the user sets both values in a
+		 * contradictory manner. hpn_disabled overrrides
+		 * hpn_buffer_size
+		 */
+		if (options->hpn_disabled <= 0) {
+			if (options->hpn_buffer_size == 0)
+				options->hpn_buffer_size = 1;
+			/* limit the maximum buffer to 64MB */
+			if (options->hpn_buffer_size > 64*1024) {
+				options->hpn_buffer_size = 64*1024*1024;
+			} else {
+				options->hpn_buffer_size *= 1024;
+			}
+		} else
+			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+	}
+#endif
+
 	if (options->ip_qos_interactive == -1)
 		options->ip_qos_interactive = IPTOS_LOWDELAY;
 	if (options->ip_qos_bulk == -1)
@@ -406,6 +465,12 @@ typedef enum {
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
 	sHostCertificate,
 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+#ifdef NONE_CIPHER_ENABLED
+	sNoneEnabled,
+#endif
+#ifdef HPN_ENABLED
+	sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+#endif
 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
 	sKexAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
@@ -537,6 +602,14 @@ static struct {
 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+#ifdef NONE_CIPHER_ENABLED
+	{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
+#endif
+#ifdef HPN_ENABLED
+	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
+	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
+	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
+#endif
 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
 	{ "ipqos", sIPQoS, SSHCFG_ALL },
 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
@@ -1156,6 +1229,25 @@ process_server_config_line(ServerOptions
 		intptr = &options->ignore_user_known_hosts;
 		goto parse_flag;
 
+#ifdef NONE_CIPHER_ENABLED
+	case sNoneEnabled:
+		intptr = &options->none_enabled;
+		goto parse_flag;
+#endif
+#ifdef HPN_ENABLED
+	case sTcpRcvBufPoll:
+		intptr = &options->tcp_rcv_buf_poll;
+		goto parse_flag;
+
+	case sHPNDisabled:
+		intptr = &options->hpn_disabled;
+		goto parse_flag;
+
+	case sHPNBufferSize:
+		intptr = &options->hpn_buffer_size;
+		goto parse_int;
+#endif
+
 	case sRhostsRSAAuthentication:
 		intptr = &options->rhosts_rsa_authentication;
 		goto parse_flag;
--- work.clean/openssh-6.8p1/servconf.h	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/servconf.h	2015-04-03 13:48:37.316827000 -0500
@@ -169,6 +169,15 @@
 
 	int	use_pam;		/* Enable auth via PAM */
 
+#ifdef NONE_CIPHER_ENABLED
+	int	none_enabled;		/* enable NONE cipher switch */	
+#endif
+#ifdef HPN_ENABLED
+	int     tcp_rcv_buf_poll;       /* poll tcp rcv window in autotuning kernels*/
+	int	hpn_disabled;		/* disable hpn functionality. false by default */
+	int	hpn_buffer_size;	/* set the hpn buffer size - default 3MB */
+#endif
+
 	int	permit_tun;
 
 	int	num_permitted_opens;
--- work.clean/openssh-6.8p1/serverloop.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/serverloop.c	2015-04-03 17:14:15.182548000 -0500
@@ -1051,6 +1051,12 @@
 	sock = tun_open(tun, mode);
 	if (sock < 0)
 		goto done;
+#ifdef HPN_ENABLED
+	if (!options.hpn_disabled)
+		c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+	else
+#endif
 	c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
 	c->datagram = 1;
@@ -1088,6 +1094,10 @@
 	c = channel_new("session", SSH_CHANNEL_LARVAL,
 	    -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
 	    0, "server-session", 1);
+#ifdef HPN_ENABLED
+	if (options.tcp_rcv_buf_poll && !options.hpn_disabled)
+		c->dynamic_window = 1;
+#endif
 	if (session_open(the_authctxt, c->self) != 1) {
 		debug("session open failed, free channel %d", c->self);
 		channel_free(c);
--- work.clean/openssh-6.8p1/session.c	2015-04-01 22:07:18.149110000 -0500
+++ work/openssh-6.8p1/session.c	2015-04-03 17:09:02.984097000 -0500
@@ -2340,6 +2340,14 @@
 	 */
 	if (s->chanid == -1)
 		fatal("no channel for session %d", s->self);
+#ifdef HPN_ENABLED
+	if (!options.hpn_disabled)
+		channel_set_fds(s->chanid,
+		    fdout, fdin, fderr,
+		    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+		    1, is_tty, options.hpn_buffer_size);
+	else
+#endif
 	channel_set_fds(s->chanid,
 	    fdout, fdin, fderr,
 	    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
--- work.clean/openssh-6.8p1/sftp.1	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/sftp.1	2015-04-01 22:16:49.921688000 -0500
@@ -263,7 +263,8 @@
 Specify how many requests may be outstanding at any one time.
 Increasing this may slightly improve file transfer speed
 but will increase memory usage.
-The default is 64 outstanding requests.
+The default is 256 outstanding requests providing for 8MB
+of outstanding data with a 32KB buffer.
 .It Fl r
 Recursively copy entire directories when uploading and downloading.
 Note that
--- work.clean/openssh-6.8p1/sftp.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/sftp.c	2015-04-03 17:16:00.959795000 -0500
@@ -71,7 +71,11 @@
 #include "sftp-client.h"
 
 #define DEFAULT_COPY_BUFLEN	32768	/* Size of buffer for up/download */
+#ifdef HPN_ENABLED
+#define DEFAULT_NUM_REQUESTS	256	/* # concurrent outstanding requests */
+#else
 #define DEFAULT_NUM_REQUESTS	64	/* # concurrent outstanding requests */
+#endif
 
 /* File to read commands from */
 FILE* infile;
--- work.clean/openssh-6.8p1/ssh.c	2015-04-01 22:07:18.166356000 -0500
+++ work/openssh-6.8p1/ssh.c	2015-04-03 17:16:34.114673000 -0500
@@ -885,6 +885,14 @@
 			break;
 		case 'T':
 			options.request_tty = REQUEST_TTY_NO;
+#ifdef NONE_CIPHER_ENABLED
+			/*
+			 * ensure that the user doesn't try to backdoor a
+			 * null cipher switch on an interactive session
+			 * so explicitly disable it no matter what.
+			 */
+			options.none_switch = 0;
+#endif
 			break;
 		case 'o':
 			line = xstrdup(optarg);
@@ -1848,9 +1856,85 @@
 	if (!isatty(err))
 		set_nonblock(err);
 
+#ifdef HPN_ENABLED
+	/*
+	 * we need to check to see if what they want to do about buffer
+	 * sizes here. In a hpn to nonhpn connection we want to limit
+	 * the window size to something reasonable in case the far side
+	 * has the large window bug. In hpn to hpn connection we want to
+	 * use the max window size but allow the user to override it
+	 * lastly if they disabled hpn then use the ssh std window size
+
+	 * so why don't we just do a getsockopt() here and set the
+	 * ssh window to that? In the case of a autotuning receive
+	 * window the window would get stuck at the initial buffer
+	 * size generally less than 96k. Therefore we need to set the
+	 * maximum ssh window size to the maximum hpn buffer size
+	 * unless the user has specifically set the tcprcvbufpoll
+	 * to no. In which case we *can* just set the window to the
+	 * minimum of the hpn buffer size and tcp receive buffer size
+	 */
+
+	if (tty_flag)
+		options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
+	else
+		options.hpn_buffer_size = 2*1024*1024;
+
+	if (datafellows & SSH_BUG_LARGEWINDOW) {
+		debug("HPN to Non-HPN Connection");
+	} else {
+		int sock, socksize;
+		socklen_t socksizelen = sizeof(socksize);
+
+		if (options.tcp_rcv_buf_poll <= 0) {
+			sock = socket(AF_INET, SOCK_STREAM, 0);
+			getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+			    &socksize, &socksizelen);
+			close(sock);
+			debug("socksize %d", socksize);
+			options.hpn_buffer_size = socksize;
+			debug ("HPNBufferSize set to TCP RWIN: %d",
+			    options.hpn_buffer_size);
+		} else {
+			if (options.tcp_rcv_buf > 0) {
+				/*
+				 * create a socket but don't connect it.
+				 * we use that the get the rcv socket size
+				 */
+				sock = socket(AF_INET, SOCK_STREAM, 0);
+				/*
+				 * if they are using the tcp_rcv_buf option
+				 * attempt to set the buffer size to that
+				 */
+				if (options.tcp_rcv_buf)
+					setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+					    (void *)&options.tcp_rcv_buf,
+					    sizeof(options.tcp_rcv_buf));
+				getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+				    &socksize, &socksizelen);
+				close(sock);
+				debug("socksize %d", socksize);
+				options.hpn_buffer_size = socksize;
+				debug ("HPNBufferSize set to user TCPRcvBuf: "
+				    "%d", options.hpn_buffer_size);
+			}
+		}
+	}
+
+	debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
+
+	window = options.hpn_buffer_size;
+
+	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+#else
 	window = CHAN_SES_WINDOW_DEFAULT;
+#endif
+
 	packetmax = CHAN_SES_PACKET_DEFAULT;
 	if (tty_flag) {
+#ifdef HPN_ENABLED
+		window = CHAN_SES_WINDOW_DEFAULT;
+#endif
 		window >>= 1;
 		packetmax >>= 1;
 	}
@@ -1859,6 +1943,12 @@
 	    window, packetmax, CHAN_EXTENDED_WRITE,
 	    "client-session", /*nonblock*/0);
 
+#ifdef HPN_ENABLED
+	if (options.tcp_rcv_buf_poll > 0 && !options.hpn_disabled) {
+		c->dynamic_window = 1;
+		debug ("Enabled Dynamic Window Scaling");
+	}
+#endif
 	debug3("ssh_session2_open: channel_new: %d", c->self);
 
 	channel_send_open(c->self);
--- work.clean/openssh-6.8p1/sshconnect.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/sshconnect.c	2015-04-03 16:32:38.204744000 -0500
@@ -266,6 +266,31 @@
 		kill(proxy_command_pid, SIGHUP);
 }
 
+#ifdef HPN_ENABLED
+/*
+ * Set TCP receive buffer if requested.
+ * Note: tuning needs to happen after the socket is
+ * created but before the connection happens
+ * so winscale is negotiated properly -cjr
+ */
+static void
+ssh_set_socket_recvbuf(int sock)
+{
+	void *buf = (void *)&options.tcp_rcv_buf;
+	int sz = sizeof(options.tcp_rcv_buf);
+	int socksize;
+	socklen_t socksizelen = sizeof(socksize);
+
+	debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf);
+	if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
+	  getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen);
+	  debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize);
+	} else
+		error("Couldn't set socket receive buffer to %d: %.100s",
+		    options.tcp_rcv_buf, strerror(errno));
+}
+#endif
+
 /*
  * Creates a (possibly privileged) socket for use as the ssh connection.
  */
@@ -282,6 +307,11 @@
 	}
 	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
+#ifdef HPN_ENABLED
+	if (options.tcp_rcv_buf > 0)
+		ssh_set_socket_recvbuf(sock);
+#endif
+
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL && !privileged)
 		return sock;
@@ -523,11 +553,23 @@ send_client_banner(int connection_out, i
 {
 	/* Send our own protocol version identification. */
 	if (compat20) {
-		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+		xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
+		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+#ifdef HPN_ENABLED
+		    options.hpn_disabled ? "" : SSH_HPN
+#else
+		    ""
+#endif
+		    );
 	} else {
-		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
-		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+		xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\n",
+		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION,
+#ifdef HPN_ENABLED
+		    options.hpn_disabled ? "" : SSH_HPN
+#else
+		    ""
+#endif
+		    );
 	}
 	if (roaming_atomicio(vwrite, connection_out, client_version_string,
 	    strlen(client_version_string)) != strlen(client_version_string))
--- work.clean/openssh-6.8p1/sshconnect2.c	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/sshconnect2.c	2015-04-03 16:54:23.936298000 -0500
@@ -80,6 +80,14 @@
 extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
+#ifdef NONE_CIPHER_ENABLED
+struct kex *xxx_kex;
+
+/* tty_flag is set in ssh.c. use this in ssh_userauth2 */
+/* if it is set then prevent the switch to the null cipher */
+
+extern int tty_flag;
+#endif
 
 /*
  * SSH2 key exchange
@@ -153,13 +161,16 @@
 	return ret;
 }
 
+static char *myproposal[PROPOSAL_MAX];
+static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT };
 void
 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 {
-	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	struct kex *kex;
 	int r;
 
+	memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+
 	xxx_host = host;
 	xxx_hostaddr = hostaddr;
 
@@ -222,6 +233,10 @@
 	kex->server_version_string=server_version_string;
 	kex->verify_host_key=&verify_host_key_callback;
 
+#ifdef NONE_CIPHER_ENABLED
+	xxx_kex = kex;
+#endif
+
 	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
 
 	if (options.use_roaming && !kex->roaming) {
@@ -423,6 +438,29 @@
 	pubkey_cleanup(&authctxt);
 	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
 
+#ifdef NONE_CIPHER_ENABLED
+	/*
+	 * if the user wants to use the none cipher do it
+	 * post authentication and only if the right conditions are met
+	 * both of the NONE commands must be true and there must be no
+	 * tty allocated.
+	 */
+	if ((options.none_switch == 1) && (options.none_enabled == 1)) {
+		if (!tty_flag) { /* no null on tty sessions */
+			debug("Requesting none rekeying...");
+			myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
+			myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
+			kex_prop2buf(xxx_kex->my, myproposal);
+			packet_request_rekeying();
+			fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
+		} else {
+			/* requested NONE cipher when in a tty */
+			debug("Cannot switch to NONE cipher with tty allocated");
+			fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
+		}
+	}
+#endif
+
 	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 
--- work.clean/openssh-6.8p1/sshd.c.orig	2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/sshd.c	2015-05-06 13:29:02.129507000 -0500
@@ -430,8 +430,13 @@ sshd_exchange_identification(int sock_in
 		minor = PROTOCOL_MINOR_1;
 	}
 
-	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
 	    major, minor, SSH_VERSION,
+#ifdef HPN_ENABLED
+	    options.hpn_disabled ? "" : SSH_HPN,
+#else
+	    "",
+#endif
 	    *options.version_addendum == '\0' ? "" : " ",
 	    options.version_addendum, newline);
 
@@ -1149,6 +1154,10 @@ server_listen(void)
 	int ret, listen_sock, on = 1;
 	struct addrinfo *ai;
 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+#ifdef HPN_ENABLED
+	int socksize;
+	socklen_t socksizelen = sizeof(socksize);
+#endif
 
 	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
 		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -1189,6 +1198,13 @@ server_listen(void)
 
 		debug("Bind to port %s on %s.", strport, ntop);
 
+#ifdef HPN_ENABLED
+		getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
+				   &socksize, &socksizelen);
+		debug("Server TCP RWIN socket size: %d", socksize);
+		debug("HPN Buffer Size: %d", options.hpn_buffer_size);
+#endif
+
 		/* Bind the socket to the desired port. */
 		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
 			error("Bind to port %s on %s failed: %.200s.",
@@ -2132,6 +2148,11 @@ main(int ac, char **av)
 	    remote_ip, remote_port,
 	    get_local_ipaddr(sock_in), get_local_port());
 
+#ifdef HPN_ENABLED
+	/* set the HPN options for the child */
+	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+#endif
+
 	/*
 	 * We don't want to listen forever unless the other side
 	 * successfully authenticates itself.  So we set up an alarm which is
@@ -2531,6 +2552,12 @@ do_ssh2_kex(void)
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+#ifdef NONE_CIPHER_ENABLED
+        } else if (options.none_enabled == 1) {
+                debug ("WARNING: None cipher enabled");
+                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+                myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
+#endif
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
--- work.clean/openssh-6.8p1/sshd_config	2015-04-01 22:07:18.248858000 -0500
+++ work/openssh-6.8p1/sshd_config	2015-04-01 22:16:49.932279000 -0500
@@ -127,6 +127,20 @@
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+ 
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# allow the use of the none cipher
+#NoneEnabled no
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no
--- work.clean/openssh-6.8p1/version.h	2015-04-01 22:07:18.258955000 -0500
+++ work/openssh-6.8p1/version.h	2015-04-02 16:51:25.209617000 -0500
@@ -3,4 +3,5 @@
 #define SSH_VERSION	"OpenSSH_6.8"
 
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+#define SSH_HPN         "-hpn14v5"
